Chapter 42 Object
ZyWALL/USG Series User’s Guide
786
•Local user database
The ZyWALL/USG uses the built-in local user database to authenticate administrative users
logging into the ZyWALL/USG’s Web Configurator or network access users logging into the
network through the ZyWALL/USG. You can also use the local user database to authenticate VPN
users.
• Directory Service (LDAP/AD)
LDAP (Lightweight Directory Access Protocol)/AD (Active Directory) is a directory service that is
both a directory and a protocol for controlling access to a network. The directory consists of a
database specialized for fast information retrieval and filtering activities. You create and store
user profile and login information on the external server.
•RADIUS
RADIUS (Remote Authentication Dial-In User Service) authentication is a popular protocol used
to authenticate users by means of an external or built-in RADIUS server. RADIUS authentication
allows you to validate a large number of users from a central location.
Directory Structure
The directory entries are arranged in a hierarchical order much like a tree structure. Normally, the
directory structure reflects the geographical or organizational boundaries. The following figure
shows a basic directory structure branching from countries to organizations to organizational units
to individuals.
Figure 542 Basic Directory Structure
Distinguished Name (DN)
A DN uniquely identifies an entry in a directory. A DN consists of attribute-value pairs separated by
commas. The leftmost attribute is the Relative Distinguished Name (RDN). This provides a unique
name for entries that have the same “parent DN” (“cn=domain1.com, ou=Sales, o=MyCompany” in
the following examples).
cn=domain1.com, ou = Sales, o=MyCompany, c=US
cn=domain1.com, ou = Sales, o=MyCompany, c=JP
Root
US
Japan
Sprint
UPS
NEC
Sales
RD3
QA
CSO
Sales
RD
Countries (c)
Organizations
Organization Units
Unique
Common Name
(cn)
To Next Page
Loading...
